Hello all,

According to rev13 draft section 15.13.7.4 step 4,

    4. If totalOffset ≥ byteLength, throw a RangeError exception.

But this doesn't guarantee that the target is in range of the buffer.
For example,

    var view = new DataView(new ArrayBuffer(1));
    view.getUint32(0);

In the above example, GetValue(0, false, Uint32) is called, and then totalOffset
is 0 and byteLength is 1, so a RangeError exception isn't thrown. But
because Uint32 requires 4 bytes, this access is out of range.

I think we should check (totalOffset + ElementSize) > byteLength, right?
--
Regards,
Yusuke Suzuki
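
The gap described in the message above, as an added example that is not part of the original post or of the draft text: it models the quoted step 4 next to the check proposed in the message, enumerates the accesses the quoted check accepts even though they overrun the buffer, and asks the running engine what it does with the message's own example. All helper names are hypothetical.

```javascript
// Added illustration; ELEMENT_SIZE and the function names are hypothetical helpers.
const ELEMENT_SIZE = { Int8: 1, Uint8: 1, Int16: 2, Uint16: 2,
                       Int32: 4, Uint32: 4, Float32: 4, Float64: 8 };

// Step 4 as quoted from the draft: reject only when totalOffset >= byteLength.
function draftCheckPasses(totalOffset, byteLength) {
  return !(totalOffset >= byteLength);
}

// Check proposed in the message: reject when totalOffset + ElementSize > byteLength.
function proposedCheckPasses(totalOffset, byteLength, type) {
  return !(totalOffset + ELEMENT_SIZE[type] > byteLength);
}

// Number of bytes an access would touch past the end of the buffer (0 = in range).
function bytesPastEnd(totalOffset, byteLength, type) {
  return Math.max(0, totalOffset + ELEMENT_SIZE[type] - byteLength);
}

// Every (type, offset) the quoted check accepts although the access overruns.
function draftGaps(byteLength) {
  const gaps = [];
  for (const type of Object.keys(ELEMENT_SIZE)) {
    for (let offset = 0; offset < byteLength; offset++) {
      const over = bytesPastEnd(offset, byteLength, type);
      if (draftCheckPasses(offset, byteLength) && over > 0) {
        gaps.push({ type, offset, bytesPastEnd: over });
      }
    }
  }
  return gaps;
}

// What the engine running this script does for a given access.
function engineThrowsRangeError(bufferLength, method, offset) {
  try {
    new DataView(new ArrayBuffer(bufferLength))[method](offset);
    return false;
  } catch (e) {
    return e instanceof RangeError;
  }
}

console.log(draftGaps(1)); // the message's 1-byte buffer
console.log(engineThrowsRangeError(1, "getUint32", 0));
```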